NEWS - October 26, 2005

Two new versions of a virus first reported in May are staging renewed attacks against computers in Russia, encrypting files and then extorting money from victims to decode the files.

After an infection, the Russian-language instructions let victims know how many of their files have been encrypted. Translated, the warning says, "If you want to get these damn files in the decrypted format" then write to the e-mail address given. The message goes on to say, "P.S. And be thankful that they were not completely erased!"

The viruses, called "JuNy.A" and "JuNy.B," search for more than 100 file types by extension, according to a warning issued by Websense Inc. The renewed attack was first reported on a Web log published by Kaspersky Lab.

More in http://www.infoworld.com/article/05/10/25/HNextortionvirus_1.html

Microsoft plans to adopt a stronger cryptography protocol in the next version of its web browser software, Internet Explorer 7. IE7 will replace the SSLv2 (Secure Socket Layer) protocol with the sturdier TLSv1 (Transport Layer Security) protocol in default HTTPS protocol settings as a means to provide improved security for ecommerce transactions, according to a posting in Redmond's official IE development blog.

Users of IE6 can manually configure these stronger settings but the changes will mean that more users will be directed towards using the stronger SSLv3 or TLSv1 protocols rather than SSLv2. The change should be seamless for end users but adoption of the stronger encryption protocol by a wider percentage of surfers could create some work for sys admins.

More in http://www.theregister.co.uk/2005/10/25/ie7_crypto_boost/

Internet Service Provider Earthlink released Earthlink Tools for Firefox:

Earthlink Toolbar
Earthlink-branded Firefox theme

The EarthLink Toolbar featuring ScamBlocker

- Includes the EarthLink Toolbar, featuring ScamBlocker, and the hot new EarthLink theme.
- Displays a visual protection rating for Web pages you are visiting.
- Alerts you before you enter a page on our list of known fraudulent Web sites.
- Integrates with Firefox's built-in popup blocker.
- Includes a built-in search box for fast, convenient searching.

More info in http://www.earthlink.net/software/nmfree/firefox/

By Joris Evers
Staff Writer, CNET News.com
Published: October 26, 2005, 11:41 AM PDT

As Microsoft prepares to let the general public test-drive its OneCare Live security subscription service, the company is adding features requested by current testers.

The Redmond, Wash., software maker updated the beta product on Tuesday. OneCare now scans files received in MSN Messenger and enables users to scan files and folders for viruses by clicking the right mouse button, according to an e-mail Microsoft sent to testers.

Also, the software now enables users to make backups to external hard drives and it is integrated with Microsoft Update for software fixes and feature updates, the company said in the e-mail. Additionally, it has improved the "help" feature; OneCare now assists users in the removal of products that conflict with it, Microsoft's e-mail said.

more here
http://news.com.com/Microsoft+adds+to+OneCare+security+beta/2100-1029_3-5915426.html?tag=html.alert

By Dawn Kawamoto
Staff Writer, CNET News.com
Published: October 26, 2005, 10:13 AM PDT

An exploit has been published that could take advantage of a flaw in Snort, a popular open-source intrusion protection system, according to a security group.

The exploit code, published by FrSirt on Tuesday, demonstrates how vulnerabilities in a Snort sensor designed to detect an exploit tool called Back Orifice can be subject to a buffer overflow attack. Back Orifice is used by malicious attackers to take remote control of compromised systems.

Last week, security experts warned of flaws in systems running Snort 2.4.0 and higher. The vulnerabilities could allow an attacker to send a malicious packet through a network that is using Snort to guard against Back Orifice.

more here
http://news.com.com/Snort+exploit+published/2100-7349_3-5915111.html?tag=html.alert

From Sophos
October 25, 2005

Experts at SophosLabs?, Sophos's global network of virus, spyware and spam analysis centers, have warned internet users that spammers are putting the lives of innocent people at risk, by peddling drugs online that are said to combat bird flu.

Sophos's spamtraps are picking up an increasing number of junk messages which claim to sell Tamiflu, the drug believed most effective at protecting humans from the H5N1 strain of the bird flu virus. The drug is in high demand because of fears that the virus could become a pandemic, and spread further around the world after deaths in Asia.

The spam emails urge recipients to protect themselves and their families from the avian flu virus by purchasing Tamiflu from an online website. The website linked to also supposedly sells Viagra, and a number of other medications.

more here
http://www.sophos.com/spaminfo/articles/tamifluspam.html?pl_id=9&lang_id=1&lp_keyword=tamispam

Fewer businesses fell victim to August's Zotob worm that struck corporate networks than previous attacks, but those it hit paid dearly, according to a new survey.

The worm caused disruptions for about 13 percent of organizations surveyed by computer security firm Cybertrust, which released the results of a 700-company survey on Wednesday. As reported earlier, Zotob's victims included cable news station CNN, TV network ABC, The New York Times and Daimler Chrysler.

Six percent of survey respondents said Zotob's impact on their company was moderate to major, which was defined as more than $10,000 in losses and at least one major business system affected, such as e-mail or Internet connectivity.

More in http://news.zdnet.com/2100-1009_22-5915591.html